Any computer guru can offer advice on a Virus?

RideOnTime

My laptop seems to be affected by a maicious virus.

Basically as Windows loads this screen pops-up and locks the computer. The screen has various pictures and logos that look like they've been cut and paste from police websites and include a picture of the Queen and a man who looks like a Chief Constable.

Its very sinister because if accuses me of trying to access websites with images of rape, child porn, terrorism etc etc. All a bit random. It asks me to pay £100 or face a fine of £250k in 3 days time. All very random.

I have Sophos running all the time and rescanning Sophos found 3 dodgy files (one was Trojan) and I deleted them. I have run Windows Defender and that hasn't found anything. If I keep doing CTRL-ALT-DEL and cancelling restart I can get rid of the screen and get to my desktop after 4-5 attempts.

Anyone had this virus and got rid of it?

guinea

Haven't ahd the malware you've got but Malwarebytes usually fixes this stuff.

You may need to get it on another PC and use a USB fob to copy it over.

There are detailed instructions on their site.

Good luck.

RideOnTime

Thanks I'll give that a try...

daviesee

So.
Just what websites have you been trying to visit?
Just out of curiosity obviously.

craker

Restart windows in Safe Mode (F8 at boot time, choose from the list). When it's loaded you should be able to get into the start-up settings to make sure this thing doesn't run at computer start-up (Start->Run->MSConfig, you can see what apps. are started with Windows here.)

If you've already got MalwareBytes installed then run that instead of faffing around with msconfig. If it's not installed you may be able to run it off USB (guinea reckons you can, give it a try).

pinno

Your computer needs exorcising.

This man could help

Seriously though, I hope you get it fixed.

VTech

I had this at the start of my most important meeting of 2012, its a blue screen with banner on the top ?

Restart in safe mode with network and download avast anti virus and do a full system scan, it will remove the trojan.

diamonddog

craker wrote:

Restart windows in Safe Mode (F8 at boot time, choose from the list). When it's loaded you should be able to get into the start-up settings to make sure this thing doesn't run at computer start-up (Start->Run->MSConfig, you can see what apps. are started with Windows here.)

^^This, I sorted a friends pc out that had the same thing doing this.

RideOnTime

Thanks for the advice.

I have downloaded the Malwarebytes freeware and run a scan. It hasn't detected anything.

I have also looked in the Start-up under the MSconfig thing.

Scanned now iwth Sophos, MalwareBytes and Windows Defender so I'm hoping that even if I can't get rid of the screen on start-up it is not doing any further damage.

As to what it looks like - it has a picture of the a Chief Constable, the Queen and the side of the screen carries an Interpol logo and I think it has a logo for the new NCU as well as various anti-cyber crime logos. In some ways it's clever because it really makes you panic and think have I accidentally looked at something really dodgy or has something loaded in the background that's really dodgy. I expect they catch a few people just by the really unpleasant nature of how accusationary it is. Its a nasty piece of work by someone.

the playing mantis

VTech wrote:

I had this at the start of my most important meeting of 2012, its a blue screen with banner on the top ?

Restart in safe mode with network and download avast anti virus and do a full system scan, it will remove the trojan.

what on earth have you guys been looking at! i thoguht you knew better vtech!

kajjal

To be sure you will need to wipe your laptop and reinstall windows. There is no real way of telling what is going on in the background as it may be logging your access to you bank website, credit card website etc.

Sorry to sound a bit severe but it is the only way to be sure. You can backup your files etc first onto a USB drive of some sort and once the laptop is rebuilt scan the USB drive with AV software.

croptonboy

Presumably it's something like this? (called 'Ransomware')
http://botcrawl.com/how-to-remove-the-p ... e-malware/

Might also be worth trying to run Stinger in Safe Mode:
http://www.mcafee.com/uk/downloads/free ... inger.aspx

upperoilcan

The best way to stay secure against these sort of Trojans is to stick to the softer side of porn.

markhewitt1978

Kajjal wrote:

To be sure you will need to wipe your laptop and reinstall windows. There is no real way of telling what is going on in the background as it may be logging your access to you bank website, credit card website etc.

Sorry to sound a bit severe but it is the only way to be sure. You can backup your files etc first onto a USB drive of some sort and once the laptop is rebuilt scan the USB drive with AV software.

This; the best way by far is to wipe and reinstall.

RideOnTime

Having installed and run MalwareBytes. I have now restarted the PC. For the first time no malicious screen with the Queen accusing me of allsorts of dishonourable things. Sophos detected a virus again (considering it has already found three and cleaned them up).

This time I noted that it was Troj/Agent-AEFW.

RideOnTime

I reckon the Sophos update has worked and can now pick this virus up.

It's a pernicious little sod you don't want this I tell thee.

john_kline

I had that virus a few months ago. It is apparently a very common scam. As I remember, you power off then restart computer in safe mode. Once in, go to the start menu and search for system restore. You restore your computer to an earlier time before the virus appeared, a couple of weeks or so. The system restore did take a while. Then I downloaded the anti malware software. I'm the furthest thing from a computer expert but it seems fine now.

the playing mantis

kaspersky is meant to be the best, i use the freeware to protect me, not sure how good the actual removal tool is. you can get it free.

Pross

Just pay the £100, sounds like the simplest solution and means you avoid the fine.

richk

Once had something similar that could only be removed with a system restore to a couple of weeks previously.

goonz

Virus? Is that a new bike by Specialized?